InnoHEALTH magazine interviews MocDoc
Hospitals, like any other modern organization, increasingly rely upon IT systems for a wide variety of administrative and clinical functions. These establishments are highly complex in terms of processes, which can have constant activity 24/7×365. Also, we must not ignore the fact that most of the equipment and diagnostics technologies used in medicine are using highly computerized components. This entire network of devices, equipment and systems that often require connection to external systems, is a very critical and complex environment to control.
Cybersecurity helps in keeping the information of the patient confidential for legal purposes and also prevents cybercrimes. With increasing cyber crimes nowadays, InnoHEALTH magazine took initiative to interview some cybersecurity providers who can help become resilient and mitigate the crisis.
Disha Soni and Prateek Malhotra interviewed Mr. Senthilkumar P.M – Founder & CEO – MocDoc on behalf of InnoHEALTH magazine.
- As a preface, would you like to tell us a little about yourself, and how your services and products impact the health sector?
MocDoc is a modern healthcare platform which provides integrated clinical, financial and management solutions to hospitals, clinics and laboratories. Since our solution integrates every department, unlike other patchy solutions, it is able to provide holistic information to management.
- What type of healthcare set-ups make up the majority of your business?
Our solution (MocDoc HMS, MocDoc LIMS and MocDoc CMS) is capable of serving a single clinic to a chain of hospitals and labs. Our lab solutions are used by small labs to big labs with hub and spoke models with centralised processing centers & sub processing centers, collection centers and with home collection primarily using smart phone apps. Our focus currently on hospitals, labs and chain of clinics in India and few other countries.
- How has the health IT industry changed over the past few years and what are the major changes you have seen concerning the adoption of digitization in the healthcare sector in the last five years?
We have been witnessing a lot of startups innovating in healthcare IT in the last 5 to 10 years. From doctor discovery platforms to digitizing internal processes to provide advanced medical care to those in need and many of them seem to be working on preventive space too. Usually healthcare is slow to adapt technology advancements due to various reasons but technology is really penetrating and a lot of young doctors are adapting and realizing the benefits of technology. We are simplifying technology inside healthcare setup by integrating with various departments, equipment and automating many processes. Once inside processes are standardized we have opportunities to connect the doctors
- In general, then, what are the main security risks that a practice faces when shifting from the paper-based to electronic records? What are some of the best ways to minimize those risks?
One of the primary reasons for digitizing patient records is easy access by care providers so that they can do better care by accessing, analysing it and also help reduce errors besides other benefits. Security should be considered after though, it should be part of people, process and technology – it goes multiple ways into multiple layers. Since servers are connected (on prem or on cloud), all basic security measures to be taken care of. Security best practices and technology around that is already in place and getting evolved too. Basic security measures like transport level security (https and http2) guarding and updating security components periodically whenever security fix got released, using right encryption for data storage plays an important role in modern healthcare systems. Besides, application level security like secure hashing, role and privilege based access control etc should be used across the system. However every organization should also have social behaviour around security measures like password management and multi factor authentication plays an important role. Especially in healthcare setup, understanding the importance of HIPAA compliance and taking that into every department and people working on the healthcare system is vital to maintain patient security and privacy. Having a security audit in place is very important.
- At your end what security compliances and practices do you follow?
We are following all security best practices right from basic transport & application security to what guidelines advocated in OWASP and more importantly HIPAA which is vital in healthcare setup. ISO 27001 prescribes technical, legal and physical controls.
- Would you like to share any cyber incidents that you have faced in the recent past in your setup or at your clients and how did you handle it?
Since we follow security procedures meticulously, we periodically undergo audits and try to find out security vulnerabilities as early as possible. We quickly patched POODLE, Heartbleed vulnerabilities soon it was known.
- What is your assessment of the upcoming Personal Data Protection bill, will it impact your business? What challenges do you see for the health sector?
We are always trying to adapt best practises and law of land. Certain industries object to certain clauses in PDP but every country should have measures to protect their citizens. GDPR is the best example but still there are issues in understanding and how it is got to be enforced etc. It is a double edged sword, security/privacy/protection is very important but that should not stifle the innovation.
- How do you think enforcement of the proposed DISHA act will impact your business?
DISHA act is an important step in the right direction. As we serve multiple countries with even stringent regulations, we see this is going to be a good opportunity for others to improve security and privacy of patient data.
- In regards to improved security in the digitisation journey of Indian health sector. What is your advice to healthcare delivery organisations?
Complete comprehensive Security is the moving target. Threat is evolving at the same time security measures and mitigation are also evolving. Data breach not only costs money but it costs the reputation of the organisation. We have seen many million dollar ransomware attacks, disclosures of private data etc happening across the world including in India. Consider security as an important pillar and build right into application and align processes and people with it. It is good to follow web and healthcare standards and best practices like OWASP, HIPAA etc.
- With AI and other emerging technologies in mind. What are the opportunities and challenges you see in handling large scale health data? New job roles that you foresee in regards to data protection and processing?
If you look at the kind of data generated in healthcare, it is huge and it varies from structured to unstructured. We can see AI is successful to some extent in image recognition and processing. There are companies successfully piloted AI in healthcare especially in the imaging side. The problem is complexity of human health and factors associated with it are wider. AI can be successful to certain extent when we narrow down the focus and point towards specific problems. We at MocDoc are exploring AI in the laboratory side combined with clinical outcomes. With mass adoption of wearable technology, and improvement in sensors there is an opportunity to provide good quality data that can be used to train models in future.
- What are your future plans and any message for our readers?
This is going to be a golden period for healthcare technology. Wearable tech, consumerization of health tech is happening in a fast phase driven by Apple watch and other wearable vendors. Since healthcare is a big and complex industry, it needs common and simple standards but it is riddled with compliance and myriad of standards. Some of our customer facing tech like telemedicine (online consultation) and mobile health apps gaining support from our customers and patients alike. We are taking the B2B2C approach and going deep with technology so that our customers get a chance to work on a simple holistic platform.
Interviewed by: Disha Soni and Prateek Malhotra